Privacy Policy

Privacy Policies

Article 1 — Identity of the Data Controller

This site is published by:

Company name: MyMy micro-enterprise Legal form: Individual entrepreneur (micro-enterprise) Name of manager: Li Estelle SIRET number: 10561010900016 Registered office: 99 Avenue de Verdun, 92130 Issy-les-Moulineaux, France Email address: mymystillyourcharm@gmail.com

Article 2 – Data collected and purposes

As part of its activity, MYMY collects and processes the following categories of personal data:

2.1 Order and delivery data First name and last name, postal delivery address (and billing address, if different), email address, telephone number (optional, used only for delivery).

Purpose: processing, preparation, and tracking of orders; communication regarding delivery status.

2.2 Payment data Credit card data (number, expiration date, security code) is collected and processed exclusively by Shopify Payments. MYMY never has access to this data and does not store it.

Purpose: securing and validating financial transactions.

2.3 Customer account data If you create an account on our store, your login data (email, encrypted password) and your order history are kept.

Purpose: managing your personal space and simplifying future orders.

2.4 Browsing data and cookies When you visit our site, technical data is automatically collected: IP address, browser type, pages viewed, visit duration, data related to the devices used.

Purpose: audience measurement, improvement of user experience, fraud detection.

2.5 Communication data When you contact us by email, we process the data contained in your messages (name, email, content of the request).

Purpose: processing your requests and after-sales service.

Article 3 – Legal basis for processing

Each processing operation is based on one of the following legal bases provided for by Article 6 of Regulation (EU) 2016/679 (GDPR):

Processing

Order processing and delivery
Payment management
Customer account management
Retention of accounting data
Strictly necessary cookies
Analytical and marketing cookies
Responding to contact requests
Fraud prevention

Legal basis

Performance of a contract (Art. 6.1.b)
Performance of a contract (Art. 6.1.b)
Performance of a contract (Art. 6.1.b)
Legal obligation (Art. 6.1.c)
Legitimate interest (Art. 6.1.f)
Consent (Art. 6.1.a)
Legitimate interest (Art. 6.1.f)
Legitimate interest (Art. 6.1.f)

Article 4 – Data retention period

MYMY retains your personal data for the period strictly necessary for the purposes described above, and in compliance with applicable legal obligations:

Order and delivery data: 3 years from the last order, in accordance with the common law contractual limitation period.
Billing and accounting data: 10 years from the end of the relevant fiscal year, in accordance with Article L. 123-22 of the French Commercial Code.
Customer account data: duration of the account, then 3 years from the last activity if not deleted by the user.
Communication data (emails): 3 years from the last interaction.
Analytical cookies: maximum 13 months from deposit, in accordance with CNIL recommendations.
Fraud prevention data: 5 years from the closing of the relevant case.

Upon expiry of these periods, the data is deleted or irreversibly anonymized.

Article 5 — Data recipients

Your personal data is neither sold nor rented to third parties. They may be transmitted to the following categories of recipients, strictly within the limits of their responsibilities:

5.1 Payment Provider Financial transactions are processed by Shopify Payments (Stripe infrastructure), which handles all payment methods offered in the store (credit card, PayPal, Apple Pay, etc.). MYMY never stores your payment data.

5.2 Logistics Providers and Carriers Carriers responsible for delivering your orders receive the necessary information for delivery (first name, last name, postal address).

5.3 Shopify Inc. Our store is hosted and operated via the Shopify platform. As such, Shopify acts as a data processor and processes the data necessary for the technical operation of the store, in accordance with its own Data Processing Agreement.

5.4 Public Authorities In the event of a legal, regulatory or judicial obligation, MYMY may be required to disclose your data to the competent authorities.

No data is transferred for commercial purposes to third parties not mentioned above.

Article 6 – Data transfers outside the European Union

Shopify Inc., headquartered in Canada, may process your data outside the European Union, including in the United States.

These transfers are governed by appropriate safeguards, in accordance with Chapter V of the GDPR, and in particular by the Standard Contractual Clauses (SCCs) adopted by the European Commission.

For more information on Shopify's data protection practices: https://www.shopify.com/legal/privacy

You can obtain a copy of these safeguards by contacting us at the address indicated in Article 1.

Article 7 — Your rights

In accordance with the GDPR and Law No. 78-17 of January 6, 1978, relating to data processing, files, and freedoms, you have the following rights:

Right of access (Art. 15 GDPR) Obtain confirmation as to whether or not your data is being processed, as well as a copy thereof.

Right to rectification (Art. 16 GDPR) Request the correction of inaccurate or incomplete data concerning you.

Right to erasure (Art. 17 GDPR) Request the deletion of your data when it is no longer necessary for the purposes for which it was collected, or in other cases provided for by regulations.

Right to data portability (Art. 20 GDPR) Receive your data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.

Right to object (Art. 21 GDPR) Object at any time to the processing of your data based on MYMY's legitimate interest, for reasons relating to your particular situation.

Right to restriction of processing (Art. 18 GDPR) Request the temporary suspension of the processing of your data in certain cases provided for by the GDPR.

Right to withdraw consent When processing is based on your consent, you can withdraw it at any time, without affecting the lawfulness of processing carried out before this withdrawal.

Article 8 – How to exercise your rights

To exercise one of the rights mentioned in Article 7, please send your request by email to:

mymystillyourcharm@gmail.com

Please indicate your first name, last name, and the precise subject of your request. An ID may be requested to verify your identity and protect your data against any unauthorized access.

MYMY commits to responding to you within one month of receiving your request. This period may be extended by two additional months in case of complex or numerous requests, after prior notification from you.

Article 9 — Cookies and trackers

9.1 Definition Cookies are small text files placed on your device when you visit our website. They allow us to store information related to your browsing.

9.2 Types of cookies used

Strictly necessary cookies Essential for the website's operation (cart management, user session, security). They cannot be disabled and do not require your consent.

Analytical cookies Allow us to measure our site's audience and improve its functionality. They are only placed after obtaining your consent.

Preference cookies Store your browsing preferences (language, currency). They are only placed after obtaining your consent.

9.3 Managing your preferences During your first visit, a banner allows you to accept or refuse non-essential cookies. You can change your preferences at any time via the "Cookie Management" link available at the bottom of the page, or by configuring your browser.

The validity period of your consent is 6 months, after which it will be requested again.

Article 10 — Data Security

MYMY implements appropriate technical and organizational measures to ensure a level of security commensurate with the risk, in accordance with Article 32 of the GDPR. These measures notably include the encryption of data in transit (HTTPS/TLS protocol) and the use of certified providers for payment processing (PCI-DSS certification).

In the event of a data breach likely to pose a risk to your rights and freedoms, MYMY undertakes to inform the CNIL within the regulatory deadlines and, if necessary, the individuals concerned.

Article 11 — Right to file a complaint with the CNIL

If you consider that the processing of your personal data violates applicable regulations, you have the right to lodge a complaint with the competent supervisory authority:

Commission Nationale de l'Informatique et des Libertés (CNIL) 3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07 Telephone: +33 1 53 73 22 22 Website: www.cnil.fr

This right is exercised without prejudice to any other administrative or judicial remedy.

Article 12 – Changes to this Policy

MYMY reserves the right to modify this Privacy Policy at any time, particularly to comply with any legal or regulatory changes. In the event of substantial modification, you will be informed by email or by a visible notice on the website.

The current version is the one published on the website on the date of your visit.